CVE-2022-25894

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maven/com.bstek.uflo/uflo-core

Identifiers

GHSA-8m9f-c5p9-wqch, CVE-2022-25894

Package Slug

maven/com.bstek.uflo/uflo-core

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via the jexl.createExpression(expression).evaluate(context) call, because the expression string is evaluated without proper user input validation.
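The pattern the description names, a JEXL engine evaluating a caller-controlled expression string against a context, is what turns an expression language into a code-execution primitive when the engine is left with its default permissions. The following Java snippet is an added illustration of the defensive contrast and is not code from uflo-core or from this advisory: it places the unrestricted pattern beside a restricted evaluator built with the Apache Commons JEXL 3.3 API (JexlBuilder, JexlPermissions.RESTRICTED, JexlFeatures, all assumed to be available on the classpath). The ALLOWED_VARIABLES list and the sample rule are constructed for the example.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.commons.jexl3.JexlBuilder;
import org.apache.commons.jexl3.JexlContext;
import org.apache.commons.jexl3.JexlEngine;
import org.apache.commons.jexl3.JexlException;
import org.apache.commons.jexl3.JexlExpression;
import org.apache.commons.jexl3.JexlFeatures;
import org.apache.commons.jexl3.MapContext;
import org.apache.commons.jexl3.introspection.JexlPermissions;

/** Added example (not uflo code): unrestricted vs. restricted JEXL evaluation of a rule string. */
public class JexlEvaluationDemo {

    // Hypothetical allow-list of variable names a rule may reference. Only these are copied
    // into the evaluation context; live service objects or framework beans are never exposed.
    static final String[] ALLOWED_VARIABLES = {"total", "country"};

    // Unsafe pattern: default engine, caller-supplied expression, caller-supplied context.
    // With default permissions JEXL can navigate from any context object to arbitrary
    // classes, so an untrusted expression string amounts to arbitrary code execution.
    static Object evaluateUnrestricted(String expression, Map<String, Object> vars) {
        JexlEngine jexl = new JexlBuilder().create();
        return jexl.createExpression(expression).evaluate(new MapContext(vars));
    }

    // Hardened pattern:
    //  - JexlPermissions.RESTRICTED denies access to reflection, class loading,
    //    System/Runtime/Process and similar packages
    //  - JexlFeatures strips scripting constructs a business-rule expression does not need
    //  - strict(true) makes an unknown variable an error instead of a silent null
    //  - the context is built from an allow-list of plain values, not from the raw map
    static Object evaluateRestricted(String expression, Map<String, Object> vars) {
        JexlFeatures features = new JexlFeatures()
                .loops(false)
                .lambda(false)
                .newInstance(false)
                .sideEffect(false)
                .sideEffectGlobal(false)
                .register(false)
                .script(false)
                .annotation(false)
                .pragma(false);
        JexlEngine jexl = new JexlBuilder()
                .permissions(JexlPermissions.RESTRICTED)
                .features(features)
                .strict(true)
                .silent(false)
                .safe(false)
                .create();

        JexlContext ctx = new MapContext();
        for (String name : ALLOWED_VARIABLES) {
            if (vars.containsKey(name)) {
                ctx.set(name, vars.get(name));
            }
        }
        JexlExpression e = jexl.createExpression(expression);
        return e.evaluate(ctx);
    }

    public static void main(String[] args) {
        // Constructed sample input: a benign routing rule over two scalar variables.
        Map<String, Object> vars = new HashMap<>();
        vars.put("total", 250);
        vars.put("country", "DE");
        vars.put("orderService", new Object()); // present in the map, dropped by the allow-list

        String rule = "total > 100 && country == 'DE'";
        System.out.println("restricted: " + evaluateRestricted(rule, vars)); // true

        // A rule that references a variable outside the allow-list fails fast under strict mode
        // rather than evaluating against whatever object happened to be in the context.
        try {
            evaluateRestricted("orderService != null", vars);
        } catch (JexlException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Parsing failures for disabled features (for example a lambda or a `new` expression) surface from createExpression as a JexlException.Parsing, and permission denials surface at evaluation time, so both paths should be logged as policy violations rather than swallowed; leaving silent(false) in place is what makes that possible.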

Affected Versions

All versions up to 2.1.5

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-01-27
